WO2012165396A1 - Electronic control system - Google Patents

Info

Publication number
WO2012165396A1
Authority
WO
WIPO (PCT)
Prior art keywords
state
unit
control system
electronic control
signal input
Prior art date
Application number
PCT/JP2012/063690
Other languages
French (fr)
Japanese (ja)
Inventor
成沢 文雄
祐 石郷岡
統宙 月舘
渉 永浦
英寿 小倉
Original Assignee
日立オートモティブシステムズ株式会社
Application filed by 日立オートモティブシステムズ株式会社

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/22 Detection or location of defective computer hardware by testing during standby operation or during idle time, e.g. start-up testing
    • G06F11/26 Functional testing

Definitions

  • the present invention relates to an electronic control system for diagnosing the state of an input / output device.
  • a microcontroller (hereinafter referred to as a microcomputer) incorporating a central processing unit, ROM, RAM, input / output signal processing device, and the like is used as a control device for automobile engine control and the like.
  • Software installed in a microcomputer is generally composed of application programs that perform control processing, device drivers that perform input / output, an operating system (OS), and the like, so that the control target performs the desired control operations.
  • Such a control device is required to have high safety because, by controlling the vehicle, it performs control that directly affects the safety of the vehicle occupants. For this reason, a fail-safe process is used in which a failure diagnosis of a device related to control is performed, and a transition is made to a safe state when a failure is detected.
  • For the purpose of improving the development efficiency of control software in general, methods such as configuring the software as small unit parts and reusing them, and layering these parts to localize changes, are adopted. Furthermore, a technique is adopted in which these software components are accumulated as assets and combined according to the network configuration of the electronic system under development (Patent Document 1).
  • A technique is also adopted for reducing development man-hours by reusing diagnosis-related software using object-oriented technology (Patent Document 2).
  • Japan Reliability Society Reliability Handbook, Nikka Giren, p. 318; Tomohiro Tomohiro: Fault Tolerant System Theory, IEICE, p. 149
  • In common methods for improving software development efficiency, the software is divided into components that correspond to actual physical hardware parts, which improves reusability when a hardware part has to be changed.
  • Failures of sensors and actuators, which are input / output devices, include fixed faults that occur due to component failures and transient faults that occur temporarily due to electrical noise, alpha rays from radioactive isotopes, etc.
  • For actual diagnosis there are various methods specific to each hardware part, ranging from simple ones that check upper and lower thresholds, to ones that judge using a complex algorithm, to ones that judge while correcting long-term secular change by learning.
  • An object of the present invention is to provide an electronic control system capable of improving the reusability of software for diagnosing a failure of a target device and improving the development efficiency.
  • An electronic control system of the present invention that solves the above-described problem has an arithmetic processing device having arithmetic means and storage means, and a plurality of signal input means, and diagnoses the signal input means in the arithmetic processing device.
  • The arithmetic processing device includes a unique condition determination unit that prepares a condition determination corresponding to each signal input means according to the type of that signal input means, an inquiry switching unit that calls, from the unique condition determination unit, the condition determination information corresponding to each signal input means, and a state management unit that manages and updates the state of each signal input means.
  • A diagram showing the hardware configuration.
  • A diagram showing the software configuration.
  • A diagram showing the state transitions of the software.
  • A diagram showing the structure of the conversion table.
  • A diagram showing the execution procedure of the diagnostic state update process.
  • A diagram showing an example of the program that constitutes the state management unit.
  • Failures that cause malfunction of the electronic control system to be diagnosed are classified into fixed faults, which are caused by component failures and the like, and transient faults, which are generated temporarily by electrical noise, cosmic rays, and α rays from radioactive isotopes in the materials constituting semiconductor devices (Non-Patent Document 1).
  • Since transient faults literally occur transiently, that is, temporarily, even if a fault occurs once, re-executing the same process at a different time will in many cases complete the process safely without a fault. Such a method is called time redundancy (Non-Patent Document 2).
  • In the diagnosis process, the electronic control system separates the part that manages and updates the state transitions used to judge a transient fault from the part that performs the diagnosis determination at each point in time to extract factors that may indicate a fixed fault.
  • By defining the inquiries for these determination processes as a common interface, the control system is constructed with the part that manages and updates the state transitions as a common component.
  • FIG. 1 is a diagram illustrating a hardware configuration of an automobile engine control system that is an example of an electronic control system according to the present embodiment.
  • The control unit (control device) 201 of the electronic control system has a microcontroller (CPU) 202, a signal input circuit 209, an actuator drive circuit 210, and a communication circuit 213, as shown in FIG. 1.
  • The control unit 201 performs control processing for driving the actuator 212 via the drive circuit 210 based on the external information acquired from the acceleration sensor 211 and the yaw rate sensor 216 via the signal input circuit 209. Some signals are subjected to control processing using input / output from another control device 215 obtained from the communication line 216 via the communication circuit 213.
  • The microcontroller 202 of the control unit 201 has an input circuit 203, an arithmetic unit 204, a volatile read / write memory (RAM) 205, a read only memory (ROM) 206, an output circuit 207, and a communication control unit 208.
  • The acceleration sensor 211 and the yaw rate sensor 216 are examples of sensors connected to the control unit 201; other sensors that detect temperature, current, or other physical quantities may be used instead, with the same effect.
  • FIG. 2 is a diagram for explaining the functions implemented by software in the automobile engine control system of FIG. 1.
  • FIG. 6 is a diagram illustrating an example of a program constituting the state management unit 101 in FIG. 1.
  • the state management unit 101 performs diagnosis information update processing for defining and managing the states of a plurality of target devices (signal input means) that are diagnosis targets in common. Then, the inquiry switching unit 102 is notified of an ID for specifying a device to be diagnosed, an inquiry about whether it is abnormal, and an inquiry about whether it is normal. Further, the state management unit 101 calls the condition determination information corresponding to each target device (the acceleration sensor 211 and the yaw rate sensor 216) from the inquiry switching unit 102.
  • condition determination corresponding to each type of target device is defined in advance according to the type of target device. For example, a threshold value for abnormality determination depending on each target device is defined.
  • the state management unit 101 performs a determination process by executing the condition determination defined for each target device by the unique condition determination unit 103 via the inquiry switching unit 102.
  • In the processing of the unique condition determination unit 103, the state is determined to be normal if the digitally converted voltage value lies between the lower limit and the upper limit that the target device can take; otherwise it is determined to be abnormal.
  • the state management unit 101 updates the current state of each diagnosis target based on the determination result obtained by the determination process. Each state is stored as state information in the state information storage unit 105 and prepared for each diagnosis target.
  • the state management unit 101 acquires and updates state information unique to each target device by making an inquiry to the state information switching unit 104.
  • Various application programs for vehicle control, which are not shown in FIG. 2, read the state stored in the state information storage unit 105 for each device and carry out control processing according to the failure state of the device. Further, by outputting the state information stored in the state information storage unit 105 from the diagnostic terminal 214, the failure state of the vehicle can be properly monitored at a dealer or the like. Because the state information is output in synchronization with the execution cycle of the state management unit 101, the failure state of the various devices, including how it progresses, can be followed in detail.
  • FIG. 3 is a state transition diagram of the diagnostic information update processing software executed by the state management unit.
  • A normal state 301, an abnormal detection state 303, an abnormal state 306, and a normal recovery state 309 are defined as states to be diagnosed.
  • the ultimate goal of diagnosis is to determine whether the sensor etc. is normal or abnormal, but in the actual diagnosis of the actual control system, there are false detections due to unforeseen circumstances such as electrical noise and radiation.
  • The abnormality detection operation is therefore continued for a predetermined period, and when an abnormality is detected continuously for a certain period, it is often determined to be a fixed fault.
  • the process for determining whether or not the abnormality detection is continued is shared in the diagnosis process of a plurality of devices. Therefore, all the devices to be diagnosed make a state transition between states defined in common by the state management unit as described above.
  • This abnormality detection operation is continued in the abnormality detection state 303. If an abnormality is continuously detected for a certain time or number of times in the abnormality detection state 303, the abnormality state 306 is determined. A normal recovery state 309 is shown for the purpose of recovery from a transient failure or the like. Again, if the normal return condition continues, transition to the normal state 301 is made.
  • the diagnosis target in the normal state 301 makes a condition determination by the process of the abnormal initial detection 302. Then, when the condition is satisfied, the state transits to the abnormality detecting state 303, and when the condition is not satisfied, the normal state continuation 311 is performed.
  • In the abnormal detection state 303, if the condition for transitioning to the abnormal state is satisfied by the determination of the abnormal transition detection 305, the transition to the abnormal state 306 is made. On the other hand, if the condition for normal return detection 304 is satisfied, the state transitions to the normal state 301. If the condition of the abnormality detection continuation 312 is satisfied, the abnormality detection state 303 continues.
  • the state transits to the normal recovery state 309, and when the abnormal state continuation determination 313 is satisfied, the abnormal state is maintained.
  • In the normal recovery state 309, if the condition for returning to the normal state is satisfied by the determination of the normal transition detection 310, the state transitions to the normal state 301. If the condition of the re-abnormality determination 308 is satisfied, the state transits to the abnormal state 306, and if the condition of the normal return continuation 314 is satisfied, the normal recovery state 309 is continued.
  • the status management unit 101 calls the processing unit acquired from the table shown in FIG.
  • FIG. 4 is a diagram illustrating the configuration of the inquiry switching unit 102 in FIG. Inquiry switching is realized using a table that calls a process.
  • Fig. 4 (a) shows the definition of the structure of the table, which is realized by holding the address to the processing corresponding to each part in the data structure such as C language structure.
  • 401 is the definition of the entire structure, and its items are composed of an abnormality determination processing address 402, an abnormality determination continuation processing address 403, a normal return determination processing address 404, and a normal determination continuation processing address 405.
  • the processing of the state management unit can be shared for each target device, and specific determination conditions for each target device can be individually called.
  • Fig. 4 (b) is an example in which an address to a process for diagnosing an acceleration sensor, which is an example of a diagnosis target device, is registered using this data structure.
  • In the acceleration sensor call table 406, the following are registered: the call destination 407 of the process that determines the condition for the acceleration sensor 211 to transition from the normal state to the error state (acceleration sensor abnormality determination process); the call destination 408 of the process that determines whether to continue the abnormality detection state of the acceleration sensor 211 (acceleration sensor abnormality determination continuation process); the call destination 409 of the process that determines whether the acceleration sensor 211 returns from the abnormal state to the normal state (acceleration sensor normal return determination process); and the call destination 410 of the process that determines whether to continue the normal return state of the acceleration sensor 211 (acceleration sensor normality determination continuing process).
  • Fig. 4 (c) shows an example of registering the address to the process for diagnosing the yaw rate sensor using this data structure.
  • In the yaw rate sensor call table 411, the following are registered: the call destination 412 of the process that determines the condition for the yaw rate sensor 216 to transition from the normal state to the error state (yaw rate sensor abnormality determination process); the call destination 413 of the process that determines whether to continue the abnormality detection state of the yaw rate sensor 216 (yaw rate sensor abnormality determination continuation process); the call destination 414 of the process that determines whether the yaw rate sensor 216 returns from the abnormal state to the normal state (yaw rate sensor normal return determination process); and the call destination 415 of the process that determines whether to continue the normal recovery state of the yaw rate sensor 216.
  • FIG. 7 shows an example in which the inquiry switching unit 102 is described using C language.
  • FIG. 5 is a flowchart for explaining a procedure for the state management unit 101 to execute diagnostic process information update.
  • The current state of each target device (the acceleration sensor 211 and the yaw rate sensor 216) is acquired, and it is evaluated whether that state is the “normal state”, “abnormal detection state”, “abnormal state”, or “normal return detection state” (501).
  • the abnormality determination function of the target device is read from the table (506), and the determination process is performed (510). If the result of the determination process is “abnormal detection”, the process proceeds to the abnormal detection state and initializes the error counter (518). This is a counter for measuring the elapsed time for separating the transient fault from the fixed fault. On the other hand, if the result of determination processing 510 is “not detected”, no particular processing is performed and the current state is maintained.
  • The abnormality determination continuing function of the target device is read from the table (507), and the function is called to perform error checking (511). If the result of the error check determination process (511) is an abnormality detection, the error counter is incremented (514), and the error counter is compared with a predefined threshold value (516). If the value of the error counter is equal to or greater than the threshold (error counter ≥ threshold), the state transitions to the abnormal state (520), and if the value of the error counter is smaller than the threshold (error counter < threshold), no particular processing is performed and the current state is maintained. As a result, it is possible to distinguish between a transient fault and a fixed fault.
  • the normal device return judgment function of the target device is read from the table (508), and the judgment process is called to check the return condition (512).
  • If the result of the determination process is detection of the return condition, the state transits to the normal return detecting state, and the normal return counter is initialized (521).
  • If the result of the determination process of the return condition check (512) indicates that the return condition is not detected, no particular process is performed and the current state is maintained. Thereby, it is determined as a fixed fault.
  • The normal transition determination continuation function of the target device is read from the table (509), and that function is called to check the recovery condition (513).
  • If the result of the determination process is detection of the normal return condition, the normal return counter is incremented (515), and the normal return counter is compared with a predefined threshold value (517). If the value of the normal return counter is equal to or greater than the threshold value (normal return counter ≥ threshold value), the state transitions to the normal state (523), and if the value of the normal return counter is smaller than the threshold value (normal return counter < threshold value), no processing is performed and the current state is kept.
  • the determination result corresponding to the current state is output as a diagnosis result (524). If the result of the determination process of the return condition check (513) indicates that the return condition is not detected, a transition is made to an abnormal state (522). Thereby, it is determined again as a fixed fault.
  • The diagnosis process peculiar to each target device is separated from the processing that can be shared, for example the process for distinguishing a transient fault from a fixed fault. Because the state management used to distinguish a transient fault from a fixed fault is made common and does not depend on the target device, the process for detecting a transient fault can be reused regardless of the target device.
  • a diagnostic inquiry table in the inquiry switching unit 102 is added to perform hardware-specific diagnostic processing. This makes it possible to add new hardware. Therefore, the man-hour for addition can be reduced.
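The shared state management and the per-device call table described above can be sketched in C as follows. This is an added example, not the program of FIG. 6 or FIG. 7; the identifiers, ADC limits and counter thresholds are assumptions, and a "not detected" result in the abnormality detection state is assumed to correspond to normal return detection 304.

```c
#include <stddef.h>
#include <stdio.h>

/* States shared by every diagnosed device (FIG. 3: 301, 303, 306, 309). */
typedef enum { ST_NORMAL, ST_DETECTING, ST_ABNORMAL, ST_RECOVERING } diag_state_t;

/* Call table held by the inquiry switching unit (FIG. 4(a), items 402-405).
 * Each entry returns 1 when its condition is detected for the raw sample. */
typedef struct {
    int (*judge_abnormal)(int raw);      /* 402: abnormality determination */
    int (*judge_abnormal_cont)(int raw); /* 403: abnormality determination continuation */
    int (*judge_return)(int raw);        /* 404: normal return determination */
    int (*judge_return_cont)(int raw);   /* 405: normal determination continuation */
} call_table_t;

/* Per-device state information (state information storage unit 105). */
typedef struct {
    diag_state_t state;
    unsigned err_cnt;   /* error counter, initialised at 518 */
    unsigned ret_cnt;   /* normal return counter, initialised at 521 */
} diag_info_t;

/* Assumed counter thresholds, in update cycles. */
enum { ERR_THRESHOLD = 3, RET_THRESHOLD = 2 };
enum { DEV_ACCEL, DEV_YAW, DEV_COUNT };

/* Device-specific condition determinations: range checks with assumed ADC limits. */
static int accel_bad(int raw) { return raw < 100 || raw > 900; }
static int accel_ok(int raw)  { return !accel_bad(raw); }
static int yaw_bad(int raw)   { return raw < 200 || raw > 3800; }
static int yaw_ok(int raw)    { return !yaw_bad(raw); }

/* One call table per device; adding a device means adding one row here. */
static const call_table_t call_tables[DEV_COUNT] = {
    [DEV_ACCEL] = { accel_bad, accel_bad, accel_ok, accel_ok },
    [DEV_YAW]   = { yaw_bad,   yaw_bad,   yaw_ok,   yaw_ok   },
};
static diag_info_t diag_info[DEV_COUNT];

void diag_reset(int dev_id)
{
    if (dev_id >= 0 && dev_id < DEV_COUNT)
        diag_info[dev_id] = (diag_info_t){ ST_NORMAL, 0, 0 };
}

/* Common state management: one update cycle for one device.
 * Returns the new state, or -1 if dev_id is not a registered device.
 * The ID is range-checked because it indexes a table of function pointers. */
int diag_update(int dev_id, int raw)
{
    if (dev_id < 0 || dev_id >= DEV_COUNT)
        return -1;
    const call_table_t *t = &call_tables[dev_id];
    diag_info_t *d = &diag_info[dev_id];

    switch (d->state) {
    case ST_NORMAL:
        if (t->judge_abnormal(raw)) { d->state = ST_DETECTING; d->err_cnt = 0; }
        break;
    case ST_DETECTING:
        if (t->judge_abnormal_cont(raw)) {
            if (++d->err_cnt >= ERR_THRESHOLD)
                d->state = ST_ABNORMAL;      /* persisted: fixed fault */
        } else {
            d->state = ST_NORMAL;            /* assumed: transient fault, 304 */
        }
        break;
    case ST_ABNORMAL:
        if (t->judge_return(raw)) { d->state = ST_RECOVERING; d->ret_cnt = 0; }
        break;
    case ST_RECOVERING:
        if (t->judge_return_cont(raw)) {
            if (++d->ret_cnt >= RET_THRESHOLD)
                d->state = ST_NORMAL;
        } else {
            d->state = ST_ABNORMAL;          /* return condition lost (522) */
        }
        break;
    }
    return (int)d->state;
}

/* Feed n samples to one device and return its final state (-1 for a bad ID). */
int diag_run(int dev_id, const int *samples, size_t n)
{
    int st = (dev_id >= 0 && dev_id < DEV_COUNT) ? (int)diag_info[dev_id].state : -1;
    for (size_t i = 0; i < n && st >= 0; i++)
        st = diag_update(dev_id, samples[i]);
    return st;
}

int main(void)
{
    /* Constructed sample data: one noise spike, then a stuck-high input. */
    const int glitch[] = { 500, 1023, 500 };
    const int stuck[]  = { 500, 1023, 1023, 1023, 1023 };
    diag_reset(DEV_ACCEL);
    printf("glitch -> state %d\n", diag_run(DEV_ACCEL, glitch, 3));
    diag_reset(DEV_ACCEL);
    printf("stuck  -> state %d\n", diag_run(DEV_ACCEL, stuck, 5));
    return 0;
}
```

The same raw value 1023 is out of range for the acceleration sensor but in range for the yaw rate sensor, so only the call-table row differs between devices while `diag_update` is shared.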

Abstract

An objective of the present invention is to obtain an electronic control system with which it is possible to improve reusability and development efficiency of software with which a fault diagnosis of a subject device is carried out. To implement the objective of the present invention, it is made possible to separate a diagnosis process for detecting a transient fault from a process for detecting a fixed fault, standardize the diagnosis process for detecting the transient fault, and reuse the process for detecting the transient fault via a call table.

Description

Electronic control system
The present invention relates to an electronic control system for diagnosing the state of an input / output device.
A microcontroller (hereinafter referred to as a microcomputer) incorporating a central processing unit, ROM, RAM, input / output signal processing device, and the like is used as a control device for automobile engine control and the like. Software installed in a microcomputer is generally composed of application programs that perform control processing, device drivers that perform input / output, an operating system (OS), and the like, so that the control target performs the desired control operations.
Such a control device is required to have high safety because, by controlling the vehicle, it performs control that directly affects the safety of the vehicle occupants. For this reason, a fail-safe process is used in which a failure diagnosis of a device related to control is performed, and a transition is made to a safe state when a failure is detected.
In recent years, as control has become more sophisticated and larger in scale, the number of safety-related input / output devices, such as sensors (for example yaw rate sensors) and braking devices (for example brake devices), has increased, and the man-hours needed to develop their diagnostic software have become an issue.
For the purpose of improving the development efficiency of control software in general, methods such as configuring the software as small unit parts and reusing them, and layering these parts to localize changes, are adopted. Furthermore, a technique is adopted in which these software components are accumulated as assets and combined according to the network configuration of the electronic system under development (Patent Document 1).
In addition, a technique is adopted for reducing development man-hours by reusing diagnosis-related software using object-oriented technology (Patent Document 2).
JP 2000-97102 A
JP 2002-14839 A
In common methods for improving software development efficiency, the software is divided into components that correspond to actual physical hardware parts, which improves reusability when a hardware part has to be changed.
However, failures of sensors and actuators, which are input / output devices, include fixed faults that occur due to component failures and transient faults that occur temporarily due to electrical noise, α rays from radioactive isotopes, and the like. For actual diagnosis there are various methods specific to each hardware part, ranging from simple ones that check upper and lower thresholds, to ones that judge using a complex algorithm, to ones that judge while correcting long-term secular change by learning.
There are also various frameworks that improve software reusability by gathering multiple processes into one common part. However, to realize the real-time control required for automobiles and the like, the content of each process, such as computation and input / output processing, must not only be correct but also be performed at the optimal timing, and in many cases even a delay of a few microseconds is not allowed.
In addition, because of the constraints of the microcomputers mounted in products, it is difficult to introduce general-purpose frameworks, which impose large delays, or complex processing based on object-oriented technologies such as Java (registered trademark) and C++.
An object of the present invention is to provide an electronic control system capable of improving the reusability of software for diagnosing a failure of a target device and improving the development efficiency.
An electronic control system of the present invention that solves the above-described problem has an arithmetic processing device having arithmetic means and storage means, and a plurality of signal input means, and diagnoses the signal input means in the arithmetic processing device. The arithmetic processing device includes a unique condition determination unit that prepares a condition determination corresponding to each signal input means according to the type of that signal input means, an inquiry switching unit that calls, from the unique condition determination unit, the condition determination information corresponding to each signal input means, and a state management unit that manages and updates the state of each signal input means.
According to the present invention, processing common to the components can be reused, and even when a new diagnostic process is developed, effort need only be focused on implementing the defined interface in the unique condition determination unit corresponding to the failure to be diagnosed and the type of detection method, so development efficiency improves. This specification includes the contents described in the specification and / or drawings of Japanese Patent Application No. 2011-122659, which is the basis of the priority of the present application.
A diagram showing the hardware configuration.
A diagram showing the software configuration.
A diagram showing the state transitions of the software.
A diagram showing the structure of the conversion table.
A diagram showing the execution procedure of the diagnostic state update process.
A diagram showing an example of the program that constitutes the state management unit.
A diagram showing an example in which the inquiry switching unit is written in C.
Hereinafter, embodiments of the present invention will be described.
Failures that cause malfunction of the electronic control system to be diagnosed are classified into fixed faults, which are caused by component failures and the like, and transient faults, which are generated temporarily by electrical noise, cosmic rays, and α rays from radioactive isotopes in the materials constituting semiconductor devices (Non-Patent Document 1).
Since transient faults literally occur transiently, that is, temporarily, even if a fault occurs once, re-executing the same process at a different time will in many cases complete the process safely without a fault. Such a method is called time redundancy (Non-Patent Document 2).
In the electronic control system according to the present embodiment, the part of the diagnosis process that manages and updates the state transitions used to judge a transient fault is separated from the part that performs the diagnosis determination at each point in time to extract factors that may indicate a fixed fault, and the inquiries for these determination processes are defined as a common interface, so that the control system is constructed with the part that manages and updates the state transitions as a common component. When a transient fault occurs, for example in a sensor, noise with the same tendency appears in the output regardless of the sensor type. With such a system, therefore, the process for diagnosing noise caused by transient faults, which occur with a similar tendency in any sensor, can be shared.
(Hardware configuration)
FIG. 1 is a diagram illustrating a hardware configuration of an automobile engine control system that is an example of an electronic control system according to the present embodiment.
The control unit (control device) 201 of the electronic control system has a microcontroller (CPU) 202, a signal input circuit 209, an actuator drive circuit 210, and a communication circuit 213, as shown in FIG. 1.
The control unit 201 performs control processing for driving the actuator 212 via the drive circuit 210 based on the external information acquired from the acceleration sensor 211 and the yaw rate sensor 216 via the signal input circuit 209. Some signals are subjected to control processing using input / output from another control device 215 obtained from the communication line 216 via the communication circuit 213.
The microcontroller 202 of the control unit 201 has an input circuit 203, an arithmetic unit 204, a volatile read / write memory (RAM) 205, a read only memory (ROM) 206, an output circuit 207, and a communication control unit 208.
The acceleration sensor 211 and the yaw rate sensor 216 are examples of sensors connected to the control unit 201; other sensors that detect temperature, current, or other physical quantities may be used instead, with the same effect.
(Software configuration)
 FIG. 2 is a diagram illustrating the functions implemented in software in the automobile engine control system of FIG. 1.
 The software describing the control method is stored in the ROM 206 and the RAM 205 of the control unit 201 and is processed by the arithmetic unit 204. Software with the configuration shown in FIG. 2 is implemented on such a control device. The software is started from the OS (operating system) 106, which starts the processing of the state management unit 101 at the timing registered in the OS. The state management unit 101 is written, for example, as a function and, when the software runs, is started, for example, every 10 ms. FIG. 6 is a diagram showing an example of a program constituting the state management unit 101 of FIG. 1.
 The state management unit 101 defines the states of the multiple target devices (signal input means) to be diagnosed in a common form, and performs diagnostic information update processing that manages and updates them. It sends the inquiry switching unit 102 an ID identifying the device to be diagnosed, together with an inquiry as to whether the device is abnormal and an inquiry as to whether it is normal. Further, the state management unit 101 calls, from the inquiry switching unit 102, the condition determination information corresponding to each target device (acceleration sensor 211, yaw rate sensor 216).
 As a result, the exchange of device-dependent information (determination conditions and the like) can be left out of the inquiry processing performed by the state management unit 101. In other words, the state management processing that is needed in common to diagnose multiple target devices of different types can be shared.
 In the unique condition determination unit 103, the condition determination for each type of target device is defined in advance according to the device type. An example is the definition of the abnormality determination threshold, which depends on each target device. The state management unit 101 executes, via the inquiry switching unit 102, the condition determination defined for each target device by the unique condition determination unit 103, and thereby performs the determination processing.
 As one example of the processing of the unique condition determination unit 103, if the digitally converted voltage value lies within the range from the lower limit to the upper limit that the target device can take, the device is determined to be in the normal state; if the value is outside that range, the device is determined to be in the abnormal state. Based on the result obtained by the determination processing, the state management unit 101 updates the current state of each diagnosis target. Each state is stored as state information in the state information storage unit 105, and is prepared for each diagnosis target. The state management unit 101 acquires and updates the state information specific to each target device by querying the state information switching unit 104.
 Various vehicle-control application programs, not shown in FIG. 2, read the state stored in the state information storage unit 105 for each device and implement control processing according to the failure state of the device. In addition, by outputting the state information stored in the state information storage unit 105 from the diagnostic terminal 214, the failure state of the vehicle can be monitored appropriately at a dealer or the like. Here, by outputting the state information in synchronization with the execution cycle of the state management unit 101, the failure state of the various devices, including its progression over time, can be understood in detail.
 In this way, the processing for reading and writing the states of the various devices can be shared.
(Software processing details)
 FIG. 3 is a state transition diagram of the diagnostic information update processing software executed by the state management unit.
 In this embodiment, four states are defined for a diagnosis target: normal state 301, abnormality detecting state 303, abnormal state 306, and normal recovering state 309. The ultimate goal of diagnosis is to determine whether a sensor or the like is normal or abnormal. In the self-diagnosis of an actual control system, however, false detections occur because of unforeseen events such as electrical noise or radiation. For that reason, an abnormality is usually not declared as soon as an unexpected event is detected. Instead, to distinguish transient faults from fixed faults, the abnormality detection operation is continued for a predefined period, and a fixed fault is determined when the abnormality is detected continuously for that period.
 In this embodiment, the processing that determines whether abnormality detection has continued in this way is shared across the diagnosis processing of multiple devices. Accordingly, every device to be diagnosed makes its state transitions among the states defined in common in the state management unit, as described above.
 The abnormality detecting state 303 is where this abnormality detection operation is continued. If an abnormality continues to be detected for a certain time or a certain number of times in the abnormality detecting state 303, the abnormal state 306 is confirmed. The normal recovering state 309 represents the state of returning to normal, for purposes such as recovery from a transient failure. Here too, if the condition for returning to normal continues to hold, the state transitions to the normal state 301.
 The details of the condition determination in each state are as follows. A diagnosis target in the normal state 301 performs a condition determination through the processing of abnormal initial detection 302. If the condition holds, the state transitions to the abnormality detecting state 303; if the condition does not hold, normal state continuation 311 applies.
 In the abnormality detecting state 303, if the determination of abnormal transition detection 305 finds that the condition for transitioning to the abnormal state holds, the state transitions to the abnormal state 306. If, on the other hand, the condition of normal return detection 304 holds, the state transitions to the normal state 301. If the condition of abnormality detection continuation 312 holds, the state remains in the abnormality detecting state 303.
 In the abnormal state 306, the state transitions to the normal recovering state 309 when the normal return determination 307 holds, and remains in the abnormal state when the abnormal state continuation determination 313 holds. In the normal recovering state 309, if the determination of normal transition detection 310 finds that the condition for returning to the normal state holds, the state transitions to the normal state 301. If the condition of re-abnormality determination 308 holds, the state transitions to the abnormal state 306, and if the condition of normal return continuation 314 holds, the state remains in the normal recovering state 309.
 Of the above, the determinations that perform condition checks, namely abnormal initial detection 302, normal return detection 304, abnormal transition detection 305, normal return detection 307, re-abnormality determination 308, normal transition detection 310, and normal state continuation 311, are carried out by the state management unit 101 calling the processing units obtained from the table shown in FIG. 4.
 FIG. 4 is a diagram illustrating the configuration of the inquiry switching unit 102 of FIG. 2. Inquiry switching is implemented using a table through which the processing is called.
 FIG. 4(a) is the definition of the table structure. It is implemented by holding the addresses of the processing corresponding to each component in a data structure such as a C-language structure. 401 is the definition of the whole structure; its items are the abnormality determination processing address 402, the abnormality determination continuation processing address 403, the normal return determination processing address 404, and the normal determination continuation processing address 405. This makes the processing of the state management unit common across target devices, while the specific determination conditions for each target device can be called individually.
 FIG. 4(b) is an example in which this data structure is used to register the addresses of the processing that diagnoses an acceleration sensor, which is one example of a device to be diagnosed.
 The acceleration sensor call table 406 registers the following call destinations: call destination 407 for the processing that determines the condition under which the acceleration sensor 211 transitions from the normal state to the error state (acceleration sensor abnormality determination processing); call destination 408 for the processing that determines whether the abnormality detection state of the acceleration sensor 211 continues (acceleration sensor abnormality determination continuation processing); call destination 409 for the processing that determines the return of the acceleration sensor 211 from the abnormal state to the normal state (acceleration sensor normal return determination processing); and call destination 410 for the processing that determines whether the normal return state of the acceleration sensor 211 continues (acceleration sensor normal determination continuation processing).
 FIG. 4(c) is an example in which this data structure is used to register the addresses of the processing that diagnoses the yaw rate sensor.
 The yaw rate sensor call table 411 registers the following call destinations: call destination 412 for the processing that determines the condition under which the yaw rate sensor 216 transitions from the normal state to the error state (yaw rate sensor abnormality determination processing); call destination 413 for the processing that determines whether the abnormality detection state of the yaw rate sensor 216 continues (yaw rate sensor abnormality determination continuation processing); call destination 414 for the processing that determines the return of the yaw rate sensor 216 from the abnormal state to the normal state (yaw rate sensor normal return determination processing); and call destination 415 for the processing that determines whether the normal return state of the yaw rate sensor 216 continues (yaw rate sensor normal determination continuation processing).
 FIG. 7 shows an example in which the inquiry switching unit 102 is written in the C language.
 FIG. 5 is a flowchart illustrating the procedure by which the state management unit 101 executes the diagnostic information update processing.
 First, the current state of each target device, such as the acceleration sensor 211 and the yaw rate sensor 216, is acquired and evaluated to see whether it is the "normal state", the "abnormality detecting state", the "abnormal state", or the "normal return detecting state" (501).
 If the current state of the target device is the "normal state" (502), the abnormality determination function for that device is read from the table (506) and the determination processing is performed (510). If the result of the determination processing is "abnormality detected", the state transitions to the abnormality detecting state and the error counter is initialized (518). This counter measures the elapsed time used to separate transient faults from fixed faults. If, on the other hand, the result of the determination processing 510 is "not detected", no particular processing is performed and the current state is maintained.
 If the current state of the target device is the "abnormality detecting state" (503), the abnormality determination continuation function for that device is read from the table (507), and the function is called to perform an error check (511). If the result of the error check determination processing (511) is that an abnormality is detected, the error counter is incremented (514) and compared with a predefined threshold (516). If the error counter is greater than or equal to the threshold (error counter ≧ threshold), the state transitions to the abnormal state (520); if the error counter is smaller than the threshold (error counter < threshold), no particular processing is performed and the current state is maintained. This makes it possible to separate transient faults from fixed faults.
 If the result of the error check determination processing (511) is "no abnormality detected", the state transitions to the diagnosis state (519).
 If the current state is the "abnormal state" (504), the normal return determination function for the target device is read from the table (508), and that determination processing is called to perform a return condition check (512). If the result of the determination processing is that the return condition is detected, the state transitions to the normal return detecting state and the normal return counter is initialized (521). If the result of the determination processing of the return condition check (512) is that the return condition is not detected, no particular processing is performed and the current state is maintained. The fault is thereby determined to be a fixed fault.
 If the current state is the "normal return detecting state" (505), the normal transition determination continuation function for the target device is read from the table (509), and the function is called to perform a return condition check (513). Here, the device has returned from a fixed fault, and it is determined once more whether the fault is a transient fault. If the result of the determination processing is that the normal return condition is detected, the normal return counter is incremented (515) and compared with a predefined threshold (517). If the normal return counter is greater than or equal to the threshold (normal return counter ≧ threshold), the state transitions to the normal state (523); if the normal return counter is smaller than the threshold (normal return counter < threshold), no particular processing is performed and the current state is maintained. When the above processing is complete, the determination result corresponding to the current state is finally output as the diagnosis result (524). If the result of the determination processing of the return condition check (513) is that the return condition is not detected, the state transitions to the abnormal state (522). The fault is thereby determined once again to be a fixed fault.
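The call table of FIG. 4 and the update procedure of FIG. 5 can be sketched in C as follows. This is an added example, not the program of FIG. 6 or FIG. 7 and not code from the applicant; the device IDs, function names, ADC limits and counter thresholds are assumptions, and the "no abnormality detected" branch of the detecting state returns to normal state 301 as the state transition description of FIG. 3 gives for normal return detection 304.

```c
#include <stdint.h>
#include <stdio.h>

/* The four states shared by every diagnosed device (301, 303, 306, 309). */
typedef enum { ST_NORMAL, ST_DETECTING, ST_ABNORMAL, ST_RECOVERING } diag_state_t;

/* Call table (structure 401): one handler address per inquiry (402 to 405). */
typedef struct {
    int (*abnormal)(uint16_t raw);            /* 402: abnormality determination   */
    int (*abnormal_continues)(uint16_t raw);  /* 403: abnormality continuation    */
    int (*recovered)(uint16_t raw);           /* 404: normal return determination */
    int (*recovery_continues)(uint16_t raw);  /* 405: normal continuation         */
} diag_table_t;

/* Per-device state information (state information storage unit 105). */
typedef struct { diag_state_t state; unsigned err_count, ok_count; } diag_info_t;

enum { DEV_ACCEL, DEV_YAW, DEV_COUNT };       /* hypothetical device IDs    */
enum { ERR_THRESHOLD = 3, OK_THRESHOLD = 3 }; /* assumed counter thresholds */

/* Device-specific range checks (unique condition determination unit 103).
 * The ADC limits are assumed values, not taken from the patent. */
static int accel_bad(uint16_t raw) { return raw < 100 || raw > 900; }
static int accel_ok(uint16_t raw)  { return !accel_bad(raw); }
static int yaw_bad(uint16_t raw)   { return raw < 200 || raw > 3800; }
static int yaw_ok(uint16_t raw)    { return !yaw_bad(raw); }

/* Inquiry switching unit 102: the device ID selects the call table. */
static const diag_table_t tables[DEV_COUNT] = {
    [DEV_ACCEL] = { accel_bad, accel_bad, accel_ok, accel_ok },
    [DEV_YAW]   = { yaw_bad,   yaw_bad,   yaw_ok,   yaw_ok   },
};
static diag_info_t infos[DEV_COUNT];          /* zero-initialised: ST_NORMAL */

/* Put one device back into the normal state with cleared counters. */
void diag_reset(unsigned id) {
    if (id < DEV_COUNT) infos[id] = (diag_info_t){ ST_NORMAL, 0, 0 };
}

/* Common state management (unit 101): one periodic step for one device.
 * Returns the new state, or -1 for an unknown device ID. */
int diag_update(unsigned id, uint16_t raw) {
    if (id >= DEV_COUNT) return -1;           /* never index past the tables */
    const diag_table_t *t = &tables[id];
    diag_info_t *s = &infos[id];

    switch (s->state) {
    case ST_NORMAL:                           /* 502, 506, 510, 518 */
        if (t->abnormal(raw)) { s->state = ST_DETECTING; s->err_count = 0; }
        break;
    case ST_DETECTING:                        /* 503, 507, 511, 514, 516, 520 */
        if (t->abnormal_continues(raw)) {
            if (++s->err_count >= ERR_THRESHOLD) s->state = ST_ABNORMAL;
        } else {
            s->state = ST_NORMAL;             /* transient fault: 304 -> 301 */
        }
        break;
    case ST_ABNORMAL:                         /* 504, 508, 512, 521 */
        if (t->recovered(raw)) { s->state = ST_RECOVERING; s->ok_count = 0; }
        break;
    case ST_RECOVERING:                       /* 505, 509, 513, 515, 517, 523 */
        if (t->recovery_continues(raw)) {
            if (++s->ok_count >= OK_THRESHOLD) s->state = ST_NORMAL;
        } else {
            s->state = ST_ABNORMAL;           /* re-abnormality: 308 -> 306 (522) */
        }
        break;
    }
    return (int)s->state;
}

int main(void) {
    /* Constructed samples: one glitch, then a persistent out-of-range value. */
    const uint16_t samples[] = { 500, 1000, 500, 1000, 1000, 1000, 1000, 500 };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("raw=%u state=%d\n", (unsigned)samples[i],
               diag_update(DEV_ACCEL, samples[i]));
    return 0;
}
```

Adding a third device in this sketch means adding one table entry and its range checks; `diag_update` is unchanged, which is the reuse the description claims for the state management unit.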
 According to the electronic control system having the above configuration, the diagnosis processing specific to each target device is separated from the processing that can be shared, for example the processing that distinguishes transient faults from fixed faults. Because the state management for distinguishing transient faults from fixed faults is made common and does not depend on the target device, the processing for detecting transient faults and the like can be reused independently of the target device.
 According to the electronic control system having the above configuration, even when the number of hardware items to be diagnosed (target devices) increases, new hardware can be added by adding a diagnosis inquiry table to the inquiry switching unit 102 and providing the hardware-specific diagnosis processing. The man-hours needed for the addition can therefore be reduced.
101 State management unit
102 Inquiry switching unit
103 Unique condition determination unit
104 State information switching unit
105 State information storage unit
106 OS (operating system)
211 Acceleration sensor
216 Yaw rate sensor

Claims (5)

  1.  An electronic control system that diagnoses the state of each of a plurality of sensors or actuators, comprising a state management unit that defines and manages, in common, the state transitions of at least two of the plurality of sensors or actuators, wherein the states are output as diagnosis results.
  2.  The electronic control system according to claim 1, wherein
     the processing content in each state is set individually for each sensor or actuator, and the state management unit manages the states of the plurality of sensors or actuators, without depending on the plurality of sensors or actuators, by querying and updating an inquiry switching unit in which each of the shared states is defined.
  3.  The electronic control system according to claim 2, comprising an output unit that outputs each of the states, wherein the output unit outputs the states at a predetermined cycle.
  4.  An electronic control system comprising an arithmetic processing device having arithmetic means and storage means, and a plurality of signal input means, the arithmetic processing device diagnosing the signal input means, wherein
     the arithmetic processing device comprises:
     a unique condition determination unit that prepares a condition determination corresponding to each signal input means according to the type of that signal input means;
     an inquiry switching unit that calls, from the unique condition determination unit, the condition determination information corresponding to each signal input means; and
     a state management unit that manages and updates the state of each signal input means.
  5.  The electronic control system according to claim 4, comprising
     a state information storage unit that stores state information specific to each signal input means, and a state information switching unit that manages the read and write destinations of the state information specific to each of the plurality of signal input means stored in the state information storage unit, wherein
     when the state management unit queries the state information switching unit to read or write a state, the state information switching unit reads or writes, in the state information storage unit, the state of the diagnosis target corresponding to the plurality of signal input means.
PCT/JP2012/063690 2011-05-31 2012-05-29 Electronic control system WO2012165396A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2011-122659 2011-05-31
JP2011122659A JP5559100B2 (en) 2011-05-31 2011-05-31 Electronic control system

Publications (1)

Publication Number Publication Date
WO2012165396A1 true WO2012165396A1 (en) 2012-12-06

Family

ID=47259252

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2012/063690 WO2012165396A1 (en) 2011-05-31 2012-05-29 Electronic control system

Country Status (2)

Country Link
JP (1) JP5559100B2 (en)
WO (1) WO2012165396A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP6276727B2 (en) * 2015-03-31 2018-02-07 株式会社日立製作所 Statistical model creation device, statistical model creation method, and statistical model creation program

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2002202001A (en) * 2000-12-28 2002-07-19 Denso Corp Vehicular control device provided with self-diagnostic function, and recording medium
JP2003316424A (en) * 2002-04-25 2003-11-07 Yokogawa Electric Corp Equipment diagnostic device
JP2005250591A (en) * 2004-03-01 2005-09-15 Denso Corp Equipment information generating device
JP2008242747A (en) * 2007-03-27 2008-10-09 Denso Corp Failure detection device

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP3980760B2 (en) * 1997-07-23 2007-09-26 株式会社東芝 Plant monitoring device
JP2007102561A (en) * 2005-10-05 2007-04-19 Sharp Corp Production device and production device management system
JP2010282318A (en) * 2009-06-03 2010-12-16 Hitachi Constr Mach Co Ltd Failure diagnostic device for machine

Also Published As

Publication number Publication date
JP5559100B2 (en) 2014-07-23
JP2012252412A (en) 2012-12-20

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 12793168

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 12793168

Country of ref document: EP

Kind code of ref document: A1